Aramark Data Breach Exposes Social Security Numbers

On September 13, 2024, Aramark, a leading provider of food and facilities management services, disclosed a significant data breach affecting some of its employees. This breach was particularly concerning as it involved a sophisticated phishing scheme that targeted the company's payroll system, myPay.

The breach impacted at least 12 individuals in Massachusetts, with the potential for more employees to be affected across other regions.

The attackers created a fraudulent website mimicking the official Aramark myPay portal, deceiving employees into entering their login credentials. Once the attackers obtained these credentials, they accessed the legitimate myPay site and altered direct deposit information to redirect paychecks to different bank accounts. This breach is part of a broader scheme targeting companies using myPay or similar services.

Information Exposed

• Name
• Address
• Social Security Number
• Direct deposit details

Aramark's Response

In response to this breach, Aramark took immediate action to assist affected employees. The company is collaborating with industry partners to prevent similar incidents in the future. To help protect the identities of those impacted, Aramark is offering complimentary access to Experian IdentityWorksSM for 24 months. This service includes identity restoration support and a $1 million identity theft insurance policy.

Aramark has also provided detailed instructions to employees on how to recognize phishing attempts and securely access the myPay portal. Employees are advised to use only the official Aramark myPay portal and to report any suspicious activity to the company's IT department.

Steps for Affected Individuals

If you believe you have been affected by this data breach, it is crucial to take immediate action to protect your personal information. Here are some recommended steps:

1. Enroll in Experian IdentityWorksSM: Take advantage of the complimentary 24-month membership offered by Aramark. This service includes credit monitoring and identity restoration support. Visit Experian IdentityWorks to enroll using the activation code provided in your notification letter.
2. Monitor Your Credit Reports: Regularly check your credit reports for any unauthorized activity. You can obtain free copies of your credit report from Annual Credit Report.
3. Place a Fraud Alert: Contact one of the major credit bureaus to place a fraud alert on your credit file. This alerts creditors to verify your identity before opening new accounts in your name.
4. Consider a Security Freeze: A security freeze prevents creditors from accessing your credit file without your consent, which can help prevent new accounts from being opened fraudulently.
5. Stay Vigilant: Be cautious of phishing emails and other attempts to obtain personal information. Always verify the legitimacy of any requests for sensitive information.

About Aramark

Aramark serves a diverse range of clients, including educational institutions, Fortune 500 companies, sports teams, healthcare providers, and cultural attractions in 18 countries. The company's commitment to service is reflected in its efforts to address and mitigate the impact of this data breach on its employees.

For more details on the data breach, you can view the official notice on the Massachusetts Attorney General's website.